Redirect loop when deploying ssl enabled app to azure webapp for containers

Help
1

My domain is:
håvc.se

My web server is (include version):
nginx 1.15 alpine

The operating system my web server runs on is (include version): linux

Hi
I have been followin this guide to set up ssl for for a web app with .net core with the angular template and nginx as a reverse proxy with docker and have been running in to a lot of problems.

I used the script in the guide but modified it slightly to use a txt record for domain ownership verification instead. A certificate got generated and everything works like a charm when i run docker-compose locally except the missmatch in domain name against localhost.

So i put the generated folder with the certificates in the webapps persistent storage and everything seems to work there since nothing in the logs says it cant find them which was an earlier problem.

But when i deploy it to the webapp for containers it just wont work… I get a ERR_TOO_MANY_REDIRECTS redirect loop.

I have seen alot of posts regarding this issue and i have tried many of them but nothing seems to work.
Am i missing something obvious here? Feels like i have tried everything and i don’t know were to go from here so any help/suggestion and pointers in the right direction would be much appreciated.

My nginx.conf included below. I can add any dockerfiles aswell if something could be wrong there

 worker_processes 1;
events {
    worker_connections 1000;
}

http {

upstream webapp {
    server app-service:5000;
} 

server {
    listen 80;
    server_name xn--hvc-ula.se;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }    
}

server {
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name xn--hvc-ula.se;

    server_tokens off;
    include /etc/nginx/mime.types;

    ssl_certificate /etc/letsencrypt/live/xn--hvc-ula.se/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xn--hvc-ula.se/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        
    location / {
        proxy_pass http://webapp;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
}
1 Like
2

Hi @kaggixx

see your check, ~~2 hours old - https://check-your-website.server-daten.de/?q=xn--hvc-ula.se#url-checks

You have a redirect

https://xn--hvc-ula.se/ -> Location: https://xn--hvc-ula.se/

so it's a direct loop / redirect https + non-www -> https + non-www.

The www version doesn't have that loop, creating a screenshot with the www version works.

Your shared 443 definition doesn't have such a redirect -> so that block isn't used. Or it's a redirect from your application, .htaccess or something else.

3 Likes
3

I case someone else runs into the same problem the solution for me was this

if ($http_x_arr_ssl = "") {
        return 301 https://$host$request_uri;
 }
4

That's

curious, because you have already a redirect http -> https. And that snippet doesn't change the redirect https -> https.

Now there is a http status 404 - Not Found.

May be

$http_x_arr_ssl = ""

has removed the redirect. Or the redirect is only hidden, so it's again visible if there is another http status.

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.